Summary: WooThemes Hacker Attack & Community Response
As many of you have probably heard by now, WooThemes, a small yet profitable and well-liked startup based in South Africa, suffered a severe hack on April 24th that shut down the popular site for three days. The attack, described as “very malicious” by co-founder Adriaan Pienaar, deleted the company’s server and its entire database, including backup data. All traces of the path the perpetrators used to conduct the hack were also erased.
WooThemes’ biggest product is the WordPress plugin WooCommerce. The plugin allows users to turn their WordPress site into an e-commerce site, complete with the ability to track sales. Given this, the main concern was not just an inability to use the site, but also the security of personal and credit card information. Once the site was back online, co-founder Mark Forrester updated the company blog with full details of the hack, including notice that no sensitive or confidential data was stolen, as users’ encrypted credit card details were safely hosted elsewhere.
Forrester also noted that the company moved its web hosting from a VPS (virtual private server) to WPEngine, the leaders in WordPress site hosting, where it now has a dedicated server with “backups upon backups of backups” and, of course, exceptionally tight security.
The company was able to act swiftly to restore access and has been lauded among its users for being fully transparent in its efforts to communicate the event and its resolution. As information was discovered, it was continually shared with customers. A temporary blog was set up for updates, Twitter updates were sent out, and their downtime blog was updated constantly (you can read an excerpt here). Because customers were fully informed without having to ask, there was little to no backlash. This result is a testament to the company’s down-to-earth personality and its public relations savvy.
The lesson to be learned here, or reiterated anyway, is that regardless of your host or platform, you should take precautions to protect your work.
Here are a few tips:
Mix up your passwords – The more complicated the combination of upper- and lower-case letters, symbols, numbers, etc., the harder it is for a would-be hacker to figure out how to access your site.
Use plugins for enhanced security – Secure WordPress has features like removing error information on login pages, adding index.html to plugin directories, and hiding the WordPress version. Choose your plugin wisely – some can actually make it easier to hack your site. A little research on your chosen plugin will go a long way, as will using plugins from a trusted source.
Back up your data – and back it up again. As you can see from WooThemes’ story, multiple backups in various locations could have saved them the time and headache of trying to retrieve data. WordPress offers tips and tools for backing up data here, or you can use the WordPress Backup to Dropbox plugin.
Above all, be aware of the threats out there, and regularly upgrade your core site, themes and plugins to the latest version. It’s the single most important thing you can do to keep your site secure.
Questions for discussion:
Were you affected by the WooThemes hack?
How do you think WooThemes handled this attack?
What security precautions do you recommend?
Tell us your thoughts in the comments below!